Network Management

1
Network Management

• Network Management Tools Minimodule 8, 2006-04-03

By Ole Krog Thomsen TDC
2
Tools Catalog
3
BERT
4
Status Monitoring Tools
5
ifConfig

• Used to assign/read an address to/of an interface
• Option -a is to display all interfaces
• Notice two interface loop-back (lo0) and Ethernet
  (eth0)

6
ifConfig (example)

• okt_at_okt examples /sbin/ifconfig
• eth0 Link encapEthernet HWaddr
  0004AC3D08DC
• inet addr192.168.1.6
  Bcast192.168.1.255 Mask255.255.255.0
• UP BROADCAST NOTRAILERS RUNNING
  MTU1500 Metric1
• RX packets6 errors0 dropped0
  overruns0 frame0
• TX packets2 errors0 dropped0
  overruns0 carrier0
• collisions0 txqueuelen100
• RX bytes1177 (1.1 Kb) TX bytes650
  (650.0 b)
• Interrupt10 Base address0xb000
• lo Link encapLocal Loopback
• inet addr127.0.0.1 Mask255.0.0.0
• UP LOOPBACK RUNNING MTU16436
  Metric1
• RX packets188 errors0 dropped0
  overruns0 frame0
• TX packets188 errors0 dropped0
  overruns0 carrier0
• collisions0 txqueuelen0
• RX bytes12242 (11.9 Kb) TX
  bytes12242 (11.9 Kb)

7
ping

• Most basic tool for internet management
• Based on ICMP ECHO_REQUEST message
• Available on all TCP/IP stacks
• Useful for measuring connectivity
• Useful for measuring packet loss
• Can do auto-discovery of TCP/IP equipped stations
  on single segment

8
ping (example)

• okt_at_okt examples ping g-bisserne.dk
• PING g-bisserne.dk (193.162.159.70) from
  192.168.1.6 56(84) bytes of data.
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq0 ttl124 time21.208 msec
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq1 ttl124 time29.963 msec
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq2 ttl124 time19.965 msec
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq3 ttl124 time29.967 msec
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq4 ttl124 time19.963 msec
• --- g-bisserne.dk ping statistics ---
• 5 packets transmitted, 5 packets received, 0
  packet loss
• round-trip min/avg/max/mdev 19.963/24.213/29.967
  /4.719 ms

9
nslookup

• An interactive program for querying
  InternetDomain Name System servers
• Converts a hostname into an IP address and vice
  versa querying DNS
• Useful to identify the subnet a host or node
  belongs to
• Lists contents of a domain, displaying DNS
  record
• Available with BSD UNIX FTP from uunet.uu.net
• Available in Windows NT

10
nslookup (examples)

• okt_at_okt examples nslookup g-bisserne.dk
• Note nslookup is deprecated and may be removed
  from future releases.
• Consider using the dig' or host' programs
  instead. Run nslookup with
• the -silent' option to prevent this message
  from appearing.
• Server 193.162.159.194
• Address 193.162.159.19453
• Non-authoritative answer
• Name g-bisserne.dk
• Address 193.162.159.70
• --------------------------------------------------
  -------------------------------------
• okt_at_okt examples nslookup 193.162.159.194
• Note nslookup is deprecated and may be removed
  from future releases.
• Consider using the dig' or host' programs
  instead. Run nslookup with
• the -silent' option to prevent this message
  from appearing.
• Server 193.162.159.194
• Address 193.162.159.19453
• Non-authoritative answer

11
Domain Name Groper dig

• Used to gather lots of information on hostsfrom
  DNS

12
dig (example)

• okt_at_okt examples dig inet.tele.dk
• ltltgtgt DiG 9.1.3 ltltgtgt inet.tele.dk
• global options printcmd
• Got answer
• -gtgtHEADERltlt- opcode QUERY, status NOERROR,
  id 22034
• flags qr aa rd ra QUERY 1, ANSWER 0,
  AUTHORITY 1, ADDITIONAL 0
• QUESTION SECTION
• inet.tele.dk. IN A
• AUTHORITY SECTION
• inet.tele.dk. 900 IN SOA
  ns14.inet.tele.dk. hostmaster.tele.dk. 2002051702
  14400 7200 604800 900
• Query time 35 msec
• SERVER 193.162.159.19453(193.162.159.194)
• WHEN Wed May 22 220714 2002
• MSG SIZE rcvd 82

13
host

• Command host
• Displays host names using DNS
• Available from ftp.nikhef.nl/pub/network/host.tar
  .Z

okt_at_okt examples host g-bisserne.dk g-bisserne.
dk. has address 193.162.159.70
14
Traffic Monitoring Tools
15
Packet Loss Measurement

• Command ping
• Many options available
• Implementation varies from system to system

16
ping (example)

• okt_at_okt examples ping g-bisserne.dk
• PING g-bisserne.dk (193.162.159.70) from
  192.168.1.6 56(84) bytes of data.
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq0 ttl124 time21.208 msec
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq1 ttl124 time29.963 msec
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq2 ttl124 time19.965 msec
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq3 ttl124 time29.967 msec
• 64 bytes from agurk.dk (193.162.159.70)
  icmp_seq4 ttl124 time19.963 msec
• --- g-bisserne.dk ping statistics ---
• 5 packets transmitted, 5 packets received, 0
  packet loss
• round-trip min/avg/max/mdev 19.963/24.213/29.967
  /4.719 ms

17
bing

• Used to determine throughput of a link
• Uses icmp_echo utility
• Knowing packet size and delay, calculates
  bandwidth
• bing L1 and L2 and the difference yields the
  bandwidth of link L1-L2
• Bandwidth of link L1-L2 could be higher than the
  intermediate links

18
snoop

• Puts a network interface in promiscuous mode
• Logs data on
• Protocol type
• Length
• Source address
• Destination address
• Reading of user data limited to superuser

19
snoop (example)
20
EtherealCaptureOptions
21
Ethereal capture display
22
(No Transcript)
23
Network Routing Tools
24
netstat (example)

• okt_at_okt examples netstat -r
• Kernel IP routing table
• Destination Gateway Genmask
  Flags MSS Window irtt Iface
• 192.168.1.0 255.255.255.0 U
  40 0 0 eth0
• 127.0.0.0 255.0.0.0 U
  40 0 0 lo
• default 192.168.1.1 0.0.0.0
  UG 40 0 0 eth0

25
Route Tracing

• Command traceroute (UNIX) / tracert (MS Windows)
• Available in most UNIX OS
• ICMP Also available from uc.msc.unm.edu
• Discovers route taken by packets from source
  todestination
• Useful for diagnosing route failures
• Useful for detecting bottleneck nodes

26
Trace Route Sample 1
27
Trace Route Sample 2

• Traceroute from TDC Tele Danmark Net
• traceroute to sunsite.auc.dk
• 1 hsrp.sltnxf.ip.tele.dk (195.249.15.220)
  0.869 ms 0.933 ms
• 2 fe1-1-0-4.sltnxt2.ip.tele.dk (195.249.15.177)
  1.472 ms 1.451 ms 1.299 ms
• 3 pos4-2.155M.arcnxg1.ip.tele.dk
  (195.249.12.245) 1.329 ms 1.265 ms 1.530 ms
• 4 pos7-0.2488M.albnxg1.ip.tele.dk
  (195.249.6.125) 4.299 ms 4.237 ms 4.085 ms
• 5 pos4-0.622M.lynxg1.ip.tele.dk (80.63.81.69)
  4.338 ms 12.997 ms 3.800 ms
• 6 fnetgw.denet.dk (192.38.7.1) 4.536 ms 4.290
  ms 4.412 ms
• 7 lyngby2.lyngby-groen.darenet.dk
  (130.225.242.130) 5.089 ms 4.607 ms 4.507 ms
• 8 aalborg1.icbackbones.darenet.dk
  (130.225.242.7) 9.982 ms 10.490 ms 10.154 ms
• http//trace.tele.dk/cgi-bin/nph-first
• ftp//ftptest1.tele.dk/pub/

28
Network Management Tools

• SNMP command tools
• MIB Walk
• snmpsniff

29
SNMP Command Tools

• snmpget
• snmpgetnext
• snmpset
• snmptrap
• snmpwalk
• snmpget localhost public sysDescr.0

30
SNMP Browser
31
Protocol Analyzer
32
Network Statistics

• Protocol Analyzers
• RMON Probe / Protocol analyzer
• MRTG (Multi router traffic grouper)
• Home-grown program using tcpdump or SNMP counters

33
ADSL traffic
34
MRTG

• Multi Router Traffic Grouper (Oeticker and Rand)
• www.ee.ethz.ch/stats/mrtg/
• Generates graphic presentation of traffic on Web
• Daily view
• Weekly view
• Monthly view
• Yearly view

35
Enterprise Management

• Management of data transport
• IBM Netview, Sun Solstice, HP OpenView,Cabletron
  Spectrum
• Systems management
• CA Unicenter and Tivoli TME
• Network and systems management
• Partnerships
• Telecommunications management
• TMN, Operations systems
• Service management and policy management

36
NMS Components
37
Multi-NMS Configuration
38
Network Configuration

• Configure agents
• Configure management systems
• Community administration parameters
• Community name
• MIB view
• Trap targets
• Auto-discovery Scope

39
Network Monitoring

• By polling
• By traps
• Failure indicated by pinging or traps
• Ping frequency optimized for network load
  vs.quickness of detection
• trap messages linkdown, linkUp, coldStart,
  warmStart, etc.
• Network topology discovered by auto-discovery
• Monitoring done at multiple levels - drilling

40
Commercial NMS System Solutions

• Enterprise NMS
• Hewlett-Packard OpenView
• Sun SunNet Manager
• IBM Netview
• Cabletron Spectrum Enterprise Manager
• Low End NMS
• SNMPc
• System Network Management
• Computer Associates Unicenter TNG
• Tivoli TME / Netview
• Big Brother
• Spong

41
HP OpenView Network Node Manager

• Auto-discovery and mapping
• Drill-down views
• Fault monitoring
• Event monitoring
• MIB Browser
• SNMP tools
• Traffic monitoring
• 3rd party integration

42
HP OpenView Application

• OpenView is Hewlett-Packards platform for
  Network Management
• Many NMSs use OpenView Platform CiscoWorks,
  CA TNG, Transcend
• NNM is HP NMS on OpenView
• Drill-down Map Hierarchy

43
HP OpenView Platform
44
(No Transcript)
45
Management Applications

• OSI Model
• Fault
• Configuration
• Accounting
• Performance
• Security

46
(No Transcript)
47
Fault Management

• Fault is a failure of a network component
• Results in loss of connectivity
• Fault management involves
• Fault detection
• Polling
• Traps linkDown, egpNeighborLoss
• Fault location
• Detect all components failed and trace down the
  tree topology to the source
• Fault isolation by network and SNMP tools
• Use artificial intelligence / correlation
  techniques
• Restoration of service
• Identification of root cause of the problem
• Problem resolution

48
Fault Location
Ping
Ping
Ping
OAM
49
(No Transcript)
50
ATM fault location
51
Highlight ATM Path
52
ATM Path
53
ATM Crossconnect
54
Configuration Management

• Provisioning
• Network Provisioning
• Service Provisioning
• Inventory Management
• Equipment
• Facilities
• Network Topology
• Database Considerations

55
Circuit Provisioning

• Network Provisioning
• Provisioning of network resources
• Design
• Installation and maintenance
• Circuit-switched network
• Packet-switched network, configuration for
• Protocol
• Performance
• QoS
• ATM networks

56
(No Transcript)
57
(No Transcript)
58
Virtual LAN Configuration
59
Virtual LAN Configuration
60
Network Topology

• Manual
• Auto-discovery by NMS using
• Broadcast ping
• ARP table in devices
• Mapping of network
• Layout
• Layering
• Views
• Physical
• Logical

61
Topology View
62
Accounting Management

• Least developed
• Usage of resources
• Hidden cost of IT usage (libraries)
• Functional accounting
• Business application

63
Performance Management

• Tools
• Performance Metrics
• Data Monitoring
• Performance Statistics

64
Performance Metrics

• Macro-level
• Throughput
• Response time
• Availability
• Reliability
• Micro-level
• Bandwidth
• Utilization
• Error rate
• Peak load
• Average load

65
Performance Statistics

• Traffic statistics
• Error statistics
• Used in
• QoS tracking
• Performance tuning
• Validation of SLA
• Trend analysis
• Facility planning
• Functional accounting

66
(No Transcript)
67
Service and Service Level Agreements

• A service is a named offering, describing a set
  of items (service elements) supplied by a service
  provider to its customers

68
Service and Service Level Agreements

• A Service Level Agreement (SLA) is a legal
  contractual agreement between two parties for the
  service under contract, specifically between the
  Customer and the Service Provider. It establishes
  a guarantee of the level of service provided, it
  require documentation by both the Customer and
  the Service Provider. The SLA is based on
  Performance Reporting of the service level
  parameters covered by the SLA.

69
Quality Metrics for Service Performance
Availability
70
Quality Metrics for Service Performance

• Availability in PSTN
• Is the number of cases where a dial-tone is
  obtained as a percentage of the total number of
  lifting of the receiver
• Measurements are performed on a daily basis, and
  requirement are stated in terms of minimum
  expected monthly average, and minimum monthly 95
  percentile

71
Quality Metrics for Service Performance

• Delay
• measured as turn around time (PING)
• sensitive to selection of Service Access Point
• not relevant to circuit switched services
• statistical variance (mean and 95 percentile)

72
Quality Metrics for Service Performance

• Throughput
• ratio of transferred traffic to the offered
  traffic
• number of bytes transferred relative to nominal
  speed
• measured in bytes/cells/frames/packets pr. second

73
Quality Metrics for Service Performance
End-To-End versus Edge-To-Edge Service Access
Points
74
Security Management

• Security threats
• Policies and Procedures
• Resources to prevent security breaches
• Firewalls
• Cryptography
• Authentication and Authorization
• Client/Server authentication system
• Message transfer security
• Network protection security

75
Secured Communication Network
76
Firewalls

• Protects a network from external attacks
• Controls traffic in and out of a secure network
• Could be implemented in a router, gateway, or a
  special host
• Benefits
• Reduces risks of access to hosts
• Controlled access
• Eliminates annoyance to the users
• Protects privacy (e.g. finger)
• Hierarchical implementation of policy and
  technology (e.g. finger)

77
Cryptography

• Secure communication requires
• Integrity protection ensuring that the message
  is not tampered with
• Authentication validation ensures the originator
  identification
• Security threats
• Modification of information
• Masquerade
• Message stream modification
• Disclosure
• Hardware and software solutions
• Most secure communication is software based

78
Secret Key Cryptography
79
Public Key Cryptography
80
Message Digest

• Message digest is a cryptographic hash algorithm
  added to a message
• One-way function
• Analogy with CRC
• If the message is tampered with the message
  digest at the receiving end fails to validate
• MD5 (used in SNMPv3) commonly used MD
• MD5 takes a message of arbitrary length (32-Byte)
  blocks and generates 128-bit message digest
• SHS (Secured Hash Standard) message digest
  proposed by NIST handles 264 bits and generates
  160-bit output

81
Digital Signature
82
Authentication and Authorization

• Authentication verifies user identification
• Client/server environment
• Ticket-granting system
• Authentication server system
• Cryptographic authentication
• Messaging environment
• e-mail
• e-commerce
• Authorization grants access to information
• Read, read-write, no-access
• Indefinite period, finite period, one-time use